September 10, 2024

Army's New SBOM Requirement: What Software Vendors Need to Know

The U.S. Army is set to introduce new rules mandating that software vendors provide Software Bills of Materials (SBOMs) for nearly all new software contracts by February 2025. This directive follows two years of industry feedback and marks a significant step toward improving supply chain security, aligning with President Biden’s 2021 Executive Order on Improving the Nation’s Cybersecurity (EO14028). As the deadline approaches, software vendors must comply or risk being excluded from Army contracts.

Key Details of the Army's New SBOM Requirement

Doug Bush, the Army’s Assistant Secretary for Acquisition, Logistics, and Technology, issued a memo in August 2024. The memo set a 90-day timeline for the Army to draft SBOM implementation guidelines, followed by a further 90 days for program offices to enforce them.

This policy will affect almost all software, including commercial off-the-shelf (COTS) products, with open-source software being the only exception for now.

The Army’s move is part of a broader initiative to manage software supply chain risk throughout the lifecycle of systems, making SBOMs a critical tool for identifying and mitigating vulnerabilities that could compromise national security.

Why the SBOM Mandate Matters

An SBOM offers transparency into the software supply chain by detailing the components, libraries, and dependencies used in software applications. In other words, a software bill of materials is a list of the “ingredients” in your software, which allows you to see the level of risk in each part of your software. This is essential for detecting vulnerabilities early and preventing cyberattacks, especially in the Defense Department's highly sensitive environments.

The Army is also prioritizing bills of materials over software attestations, viewing SBOMs as a more efficient method for ensuring supply chain security.

For vendors, the mandate is clear: without SBOMs, contracts could be lost.

How Lineaje SBOM360 Hub Enables Vendors to Meet Compliance Requirements

As the February 2025 deadline approaches, vendors need an efficient solution to generate, manage, and share SBOMs that meet the Army’s requirements. This is where Lineaje SBOM360 Hub comes in.

Comprehensive SBOM Generation

Lineaje SBOM360 Hub simplifies compliance by automating SBOM generation in line with NTIA standards. This ensures that all open-source, COTS, and custom-developed software components are accounted for and meet federal guidelines.
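The "NTIA standards" referred to here are the NTIA minimum elements for an SBOM (supplier name, component name, version, unique identifier, dependency relationship, SBOM author, and timestamp). The check below is an added illustration of what a vendor can verify before sharing an SBOM; it is not Lineaje's or the Army's code, and the CycloneDX-style sample document it reads is constructed for this example.

```python
"""Report gaps against the NTIA minimum SBOM elements (added example)."""
import json

# Constructed CycloneDX 1.5-style sample; one component deliberately
# omits its supplier so the checker has something to find.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {
        "timestamp": "2024-09-10T00:00:00Z",
        "authors": [{"name": "Example Vendor build pipeline"}],
        "component": {"name": "example-app", "version": "2.1.0",
                      "supplier": {"name": "Example Vendor"}},
    },
    "components": [
        {"type": "library", "bom-ref": "pkg:generic/libfoo@1.4.2",
         "name": "libfoo", "version": "1.4.2",
         "purl": "pkg:generic/libfoo@1.4.2",
         "supplier": {"name": "Foo Project"}},
        {"type": "library", "bom-ref": "pkg:generic/libbar@0.9",
         "name": "libbar", "version": "0.9",
         "purl": "pkg:generic/libbar@0.9"},   # no supplier (constructed gap)
    ],
    "dependencies": [
        {"ref": "pkg:generic/libfoo@1.4.2",
         "dependsOn": ["pkg:generic/libbar@0.9"]},
    ],
})


def ntia_findings(sbom_json: str) -> list[str]:
    """Return one finding per missing NTIA minimum element; empty if none."""
    bom = json.loads(sbom_json)
    meta = bom.get("metadata") or {}
    findings = []
    if not meta.get("timestamp"):
        findings.append("metadata: missing timestamp")
    if not meta.get("authors"):
        findings.append("metadata: missing SBOM author")
    if not bom.get("dependencies"):
        findings.append("dependencies: no relationship data")
    for comp in bom.get("components") or []:
        label = f"{comp.get('name', '?')}@{comp.get('version', '?')}"
        if not (comp.get("supplier") or {}).get("name"):
            findings.append(f"{label}: missing supplier name")
        if not comp.get("version"):
            findings.append(f"{label}: missing version")
        if not comp.get("purl") and not comp.get("cpe"):
            findings.append(f"{label}: missing unique identifier (purl/cpe)")
    return findings
```

Run it against an exported SBOM before sending it to a customer; an empty list means every baseline element is present, while each finding names the component and field to fix.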

Proactive Vulnerability Management

While most SBOM solutions stop at identifying vulnerabilities, Lineaje goes further by actively mitigating them. Our Lineaje AI technology used in the platform not only highlights vulnerabilities but also provides fixes, even for open-source code that has no available patches. This proactive approach ensures that vendors are not just compliant but also secure.

Seamless Integration with Contracts and Subcontractors

The Army’s new SBOM policy will extend to subcontractors, making it vital for vendors to manage their entire supply chain. Lineaje SBOM360 Hub offers the ability to track, share, and manage SBOMs across multiple vendors and partners, ensuring compliance throughout the ecosystem.

Secure SBOM Exchange - Sharing SBOMs, Attestations and Evidentiary Artifacts

The platform also provides secure channels to share SBOMs and security attestations with the Army and other federal agencies, maintaining the confidentiality and integrity of sensitive data while meeting contractual obligations.

Mapping SBOMs to SKUs

Customers buy SKUs, and SKUs are mapped to SBOMs seamlessly, so that when vendors share their SBOMs with government customers, those customers receive information specific to the products they are consuming.

Centrally Manage All SBOMs

Centrally manage all SBOMs and control what information is shared with which customers, including managing access privileges.

Prepare for February 2025 with Confidence

The Army’s SBOM mandate is a game-changer for software vendors working with the federal government. Lineaje SBOM360 Hub not only enables vendors to meet compliance but also strengthens their security posture, reducing the risk of supply chain attacks. With full support for NTIA-compliant SBOMs, proactive vulnerability fixes, and secure sharing capabilities, SBOM360 Hub is the solution that can give software vendors a competitive edge in securing Army contracts.

Conclusion: Don’t Wait to Comply — Act Now with Lineaje SBOM360 Hub

As the Army implements these new requirements, vendors must act quickly to ensure their software offerings remain eligible for government contracts. With Lineaje SBOM360 Hub, you can streamline SBOM creation, manage vulnerabilities effectively, and ensure compliance with evolving DoD requirements. Stay ahead of the curve and secure your contracts by partnering with Lineaje to protect your software supply chain.

Schedule a free application risk analysis and SBOM with Lineaje today to see how we can help your company navigate the new Army SBOM requirements with ease and confidence.